CVE-2025-50110

HIGH

AVTECH EagleEyes Lite <2.0.0 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50110. PoCs published by shinyColumn.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-50110, which involves the cleartext transmission of sensitive information in the EagleEyes Lite Android application. It includes a Frida hooking script to demonstrate the vulnerability by intercepting the `GetHttpsResponse()` method and confirming the exposure of credentials in the URL query string.

Description

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS.

Exploits (1)

nomisec WRITEUP
by shinyColumn · poc
https://github.com/shinyColumn/CVE-2025-50110

Classification
Writeup 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: EagleEyes Lite Android Application version 2.0.0
No auth needed
Prerequisites: Android device with EagleEyes Lite installed · Frida tool for hooking · Network interception capability
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 15.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-319 CWE-598
Status published
Published Sep 15, 2025
Tracked Since Feb 18, 2026